SecurityValidation
Launchpad Entry: arm-o-security-entropy-validation
Created: May 31st, 2011
Contributors: Michael Casadevall, Kees Cook
Packages affected:
Summary
As part of the Ubuntu Server on ARM, a strong emphasis on improving and validating ARM security has come to light. As such, we need to validate the security of Ubuntu on ARM, and document our methods of doing so
Release Note
Ubuntu on ARM security coverage is now on par with Ubuntu/x86.
Rationale
As the use of Ubuntu on ARM continues to grow, it would reflect extremely poorly if known CVEs that are patched on x86 would continue to persist. As such we need to validate that CVEs are also fixed on ARM.
User stories
Assumptions
- Embargoed patches will often resolve security fixes on multiple architectures
Implementation
Entropy Validation
A fundamental part of good security is the ability to generate good entropy. The quality of the entropy in the kernel must be tested to make sure it is of high quality for OpenSSH and other entropy using processes. ubuntu-qa-tools has tests that will help validate entropy status on AR.
Testing
The QA team has a pre-existing test suite of regression tests. This battery of tests should be run on both development releases on oneiric and on natty, and the results compared against i386/amd64 to insure good security converge.
Migration
None
Test/Demo Plan
It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release. Please add an entry to http://testcases.qa.ubuntu.com/Coverage/NewFeatures for tracking test coverage.
This need not be added or completed until the specification is nearing beta.
ARM/SecurityValidation (last edited 2011-06-01 22:09:30 by 076-076-148-180)